root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 4 Packages Projects Releases Wiki Activity
9,290 Commits 24 Branches 372 Tags 283 MiB
Commit Graph

9290 Commits

Author SHA1 Message Date
Andy Wilkinson 2e76687d17 Merge branch '1.4.x' into 1.5.x 2016-11-08 13:50:41 +00:00
Andy Wilkinson 5f44598d8b Remove use of static import that Checkstyle prohibits 2016-11-08 13:50:15 +00:00
Andy Wilkinson 218d28f74c Merge branch '1.4.x' into 1.5.x 2016-11-08 13:22:58 +00:00
Andy Wilkinson 33dcd853fd Ensure that health endpoint remains insecure without Spring Security 
The changes made in 6a2ac080 mean that getSecurity() on
ManagementServerProperties will no longer return null when Spring
Security is on the classpath. This had the unwanted side-effect of
causing the health endpoint to hide its details when Spring Security
was not on the classpath.

This commit reinstates the previous behaviour by only considering
the health endpoint to be secure if Spring Security is on the
classpath and management.security.enabled is true.

Closes gh-7345
 2016-11-08 13:18:05 +00:00
Andy Wilkinson 3a2d9e31ff Merge branch '1.4.x' into 1.5.x 2016-11-08 10:36:56 +00:00
Andy Wilkinson 808185ab4e Make LaunchedURLClassLoader Java 6 compatible again 
Closes gh-7334
 2016-11-08 10:35:18 +00:00
Andy Wilkinson e576225959 Merge branch '1.4.x' into 1.5.x 2016-11-08 10:03:58 +00:00
Andy Wilkinson aafb308eaf Merge pull request #7334 from Christoph Dreis 
* gh-7334:
  Reinstate LaunchedURLClassLoader's registration  as parallel capable
 2016-11-08 10:02:55 +00:00
dreis 7a797909ae Reinstate LaunchedURLClassLoader's registration as parallel capable 
Closes gh-7334
 2016-11-08 09:58:14 +00:00
Stephane Nicoll 5878e5eec5 Merge branch '1.4.x' into 1.5.x 2016-11-08 10:57:58 +01:00
Stephane Nicoll 318701daa7 Apply DispatcherServlet customizations to MockMvc 
This commits makes sure that customizations on `DispatcherServlet` are
also applied to the `TestDispatcherServlet` that `MockMvc` is using
internally.

Closes gh-5891
 2016-11-08 10:56:54 +01:00
Andy Wilkinson 08a9dcd4a7 Upgrade to Apache Artemis 1.4.0 
Closes gh-7343
 2016-11-08 08:19:37 +00:00
Stephane Nicoll 774ddc3602 Merge branch '1.4.x' into 1.5.x 2016-11-08 07:50:28 +01:00
Stephane Nicoll 18c2a2f4fe Upgrade to Spring Framework 4.3.4.RELEASE 
Closes gh-7213
 2016-11-08 07:48:53 +01:00
Andy Wilkinson bb6330e9df Merge branch '1.4.x' into 1.5.x 2016-11-08 06:46:29 +00:00
Andy Wilkinson adfc5d22ca Upgrade to Spring Integration Java DSL 1.1.4.RELEASE 
Closes gh-7342
 2016-11-08 06:44:47 +00:00
Andy Wilkinson bc2a412408 Upgrade to Spring Integration 4.3.5.RELEASE 
Closes gh-7341
 2016-11-08 06:44:15 +00:00
Andy Wilkinson e136ef6f7d Upgrade to Spring AMQP 1.6.4.RELEASE 
Closes gh-7340
 2016-11-08 06:43:42 +00:00
Andy Wilkinson 42581debfe Upgrade to Spring Security OAuth 2.0.12.RELEASE 
Closes gh-7339
 2016-11-08 06:38:48 +00:00
Madhura Bhave 82f89b4ac1 Add custom headers to allowed CORS headers for CF actuators 
Update CORS configuration to support Authorization and X-Cf-App-Instance.

See gh-7108
 2016-11-07 15:37:09 -08:00
Stephane Nicoll 3018e95261 Merge branch '1.4.x' into 1.5.x 2016-11-06 11:44:12 +01:00
Stephane Nicoll d405265e83 Merge pull request #7326 from sebastiankirsch:master 
* pr/7326:
  Polish contribution
  Add @Inherited to all AutoConfigure* classes
 2016-11-06 11:43:58 +01:00
Stephane Nicoll ebfd86ea26 Polish contribution 
Closes gh-7326
 2016-11-06 11:42:45 +01:00
sebastiankirsch e8b0a64872 Add @Inherited to all AutoConfigure* classes 
See gh-7326
 2016-11-06 11:39:12 +01:00
Stephane Nicoll 101528f41a Merge branch '1.4.x' into 1.5.x 2016-11-06 11:36:16 +01:00
Stephane Nicoll f80dbd1a21 Upgrade to joda-time 2.9.5 
Closes gh-7308
 2016-11-06 11:34:13 +01:00
Stephane Nicoll b51f92d9a4 Merge branch '1.4.x' into 1.5.x 2016-11-06 11:25:44 +01:00
Stephane Nicoll 32950bfec1 Merge pull request #7299 from vpavic:resource-server-config 
* pr/7299:
  Fix JWT token URI derivation
 2016-11-06 11:25:15 +01:00
Vedran Pavic 5783cd5593 Fix JWT token URI derivation 
Closes gh-7299
 2016-11-06 11:24:50 +01:00
Stephane Nicoll 01e66ecbd5 Merge branch '1.4.x' into 1.5.x 2016-11-05 11:15:27 +01:00
Stephane Nicoll 4311cf333f Remove sample reference in build 2016-11-05 11:14:50 +01:00
Stephane Nicoll 2c71cb8efd Polish 2016-11-05 11:10:17 +01:00
Stephane Nicoll 4407194c00 Replace sample by integration test 
Closes gh-3888
 2016-11-05 11:09:36 +01:00
Stephane Nicoll 389acb094b Merge branch '1.4.x' into 1.5.x 2016-11-05 07:43:09 +01:00
Stephane Nicoll 44a32d0a5b Merge pull request #7322 from izeye:polish-20161105 
* pr/7322:
  Polish
 2016-11-05 07:42:50 +01:00
Johnny Lim ec9f0ab6b4 Polish 
Closes gh-7322
 2016-11-05 07:42:37 +01:00
Phillip Webb 6c76353682 Default `management.cloudfoundry.enabled` to true 
Update `CloudFoundryActuatorAutoConfiguration` so that it is enabled
when `management.cloudfoundry.enabled` is missing.

See gh-7108
 2016-11-04 17:26:25 -07:00
Madhura Bhave a77cfc3b0e Skip SSL validation when calling Cloud Foundry 
Update CloudFoundrySecurityService so that SSL validation is not
required. We're unlikely to have configured public keys for the
REST endpoints we need to call. Since the endpoints are provided via
environment variables we can implicitly trust them.

See gh-7108
 2016-11-04 17:26:25 -07:00
Madhura Bhave 862a06eb7a Add POST to allowed CORS methods for CF actuators 
Update CORS configuration to support POST.

See gh-7108
 2016-11-04 16:41:49 -07:00
Madhura Bhave 1005feb27d Update discovery endpoint to respect AccessLevel 
Change `CloudFoundryDiscoveryMvcEndpoint` so that `AccessLevel` rights
are consulted so that only accessible links are returned.

See gh-7108
 2016-11-04 16:41:49 -07:00
Madhura Bhave 340f1d5574 Add security for Cloud Foundry actuators 
Add security to Cloud Foundry actuator endpoints. Security is enforced
by a `HanderInterceptor` on `CloudFoundryEndpointHandlerMapping`. Each
endpoint call expects an 'Authorization' header containing a bearer
token. The token signature is checked against the UAA public keys then
passed to the Cloud Controller to obtain an ultimate access level.

The client may either have 'RESTRICTED' or FULL' access, with the latter
only providing access to a limited set of endpoints.

See gh-7108
 2016-11-04 16:41:48 -07:00
Phillip Webb f15e0482c5 Merge branch '1.4.x' into 1.5.x 2016-11-04 16:01:02 -07:00
Phillip Webb 1bd53ea9d8 Support package private requestFactory classes 
Update `RestTemplateBuilder` to support package private `requestFactory`
classes.

Fixes gh-7319
 2016-11-04 15:58:27 -07:00
Phillip Webb 221feac3ec User random server port in devtools tests 
Update `LocalDevToolsAutoConfigurationTests` to ensure that a random
server port is used rather than 8080.

Fixes gh-7268
See gh-7039
 2016-11-04 12:24:50 -07:00
Andy Wilkinson e5073a7172 Upgrade to Spring Security 4.2.0.RC1 
Closes gh-7186
 2016-11-04 07:44:18 +00:00
Andy Wilkinson 025bafd911 Polish new Actuator sample 2016-11-03 22:40:12 +00:00
Phillip Webb 81c5753f4d Merge branch '1.4.x' into 1.5.x 2016-11-03 14:49:38 -07:00
Phillip Webb 90afc8ebbe Formatting 2016-11-03 14:48:10 -07:00
Phillip Webb 6a2ac080ac Create our own SessionCreationPolicy enum 
Update `ManagementServerProperties` so that `security.sessions` no
longer uses `SessionCreationPolicy` from Spring Security. We now
use our own enun which allows `management.security.*` properties to
be set without the risk of a `ClassNotFoundException`.

Fixes gh-3888
 2016-11-03 14:36:49 -07:00
Andy Wilkinson bdfceae24c Merge branch '1.4.x' into 1.5.x 2016-11-03 20:15:13 +00:00